[src/trunk]: src/external/bsd/wpa/dist/src/p2p Fix potential buffer overflow:

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/external/bsd/wpa/dist/src/p2p Fix potential buffer overflow:
From: christos <christos%NetBSD.org@localhost>
Date: Tue, 31 Jul 2018 19:20:53 +0000

details:   https://anonhg.NetBSD.org/src/rev/3ef0f4da4543
branches:  trunk
changeset: 337665:3ef0f4da4543
user:      christos <christos%NetBSD.org@localhost>
date:      Wed Apr 22 20:24:20 2015 +0000

description:
Fix potential buffer overflow:
http://w1.fi/security/2015-1/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch

XXX: pullup-[67]

diffstat:

 external/bsd/wpa/dist/src/p2p/p2p.c |  1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diffs (11 lines):

diff -r 2e4670a5500e -r 3ef0f4da4543 external/bsd/wpa/dist/src/p2p/p2p.c
--- a/external/bsd/wpa/dist/src/p2p/p2p.c       Wed Apr 22 20:21:11 2015 +0000
+++ b/external/bsd/wpa/dist/src/p2p/p2p.c       Wed Apr 22 20:24:20 2015 +0000
@@ -778,6 +778,7 @@
        if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
                os_memcpy(dev->interface_addr, addr, ETH_ALEN);
        if (msg.ssid &&
+           msg.ssid[1] <= sizeof(dev->oper_ssid) &&
            (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
             os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
             != 0)) {

Prev by Date: [src/trunk]: src/distrib/atari/floppies/install double the size of the image ...
Next by Date: [src/trunk]: src/sys/net Fix a copy n pasta error with prior.
Previous by Thread: [src/trunk]: src/distrib/atari/floppies/install double the size of the image ...
Next by Thread: [src/trunk]: src/sys/net Fix a copy n pasta error with prior.
Indexes:

Home | Main Index | Thread Index | Old Index